[openssl-users] How do I configure my Certification Authority to pay attention to Subject Alternate Names
Brian Reichert
reichert at numachi.com
Wed Nov 4 18:36:45 UTC 2015
On Wed, Nov 04, 2015 at 04:06:57PM +0100, Ben Humpert wrote:
> That guide is a little bit old and not very accurate. I setup my PKI
> using the OpenSSL Cookbook recommended to me by Rich Salz. This free
> guide / documentation is here:
> https://www.feistyduck.com/books/openssl-cookbook/ (Click "Free: Read
> Now" below the cover image). I also used various other sources to
> improve and adapt the configuration files and command lines.
IIRC correctly, you need to affect your ca.cf file to honor ('copy') the
extensions for a SAN.
Something like the detail here:
http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl
Second, modify the signing parameters. Find this line under the CA_default
section:
# Extension copying option: use with caution.
# copy_extensions = copy
And change it to:
# Extension copying option: use with caution.
copy_extensions = copy
--
Brian Reichert <reichert at numachi.com>
BSD admin/developer at large
More information about the openssl-users
mailing list